minreq will use an unbounded amount of memory if the server sends a single infinitely large header. This can be used to exhaust the memory on the machine and cause a denial of service.

You can reproduce the issue by running the following in Linux console and then connecting to localhost:8080 with minreq:

( echo -e "HTTP/1.1 200 OK\r"; echo -n "Huge-header: "; yes A | tr -d '\n' ) | nc -l localhost 8080

Tested using this code for minreq. You can inspect the Cargo.lock to know the exact dependency versions.